shared secrets admin page and fixes

2025-11-07 18:31:38 +01:00 · 2015-01-19 06:15:06 +00:00 · 2015-01-19 06:15:06 +00:00 · 9bd8f29ac8
commit 9bd8f29ac8
parent 64f0a91ee8
13 changed files with 445 additions and 76 deletions
--- a/4
+++ b/4
@ -1,9 +1,11 @@
 1/12/2015 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.4.1.1 'Ardee West':
 	- https admin server;
-	- SSLv2 support removed;
+	- SSLv2 support removed (security concern fixed);
 	- The server-side short-term credentials mechanism support removed;
 	- OpenSSL 1.1.0 supported;
 	- shared secrets fixed in MongoDB: multiple secrets per realm allowed;
 	- shared secrets admin fixed in Redis;
 12/24/2014 Oleg Moskalenko <mom040267@gmail.com>
 Version 4.3.3.1 'Tolomei':
--- a/examples/var/db/turndb
+++ b/examples/var/db/turndb
--- a/src/apps/relay/dbdrivers/dbd_mongo.c
+++ b/src/apps/relay/dbdrivers/dbd_mongo.c
@ -583,47 +583,76 @@ static int mongo_list_oauth_keys(void) {
  return ret;
 }
-static int mongo_show_secret(u08bits *realm) {
+static int mongo_list_secrets(u08bits *realm, secrets_list_t *secrets, secrets_list_t *realms)
-  mongoc_collection_t * collection = mongo_get_collection("turn_secret"); 
+{
 	mongoc_collection_t * collection = mongo_get_collection("turn_secret");
 	u08bits realm0[STUN_MAX_REALM_SIZE+1] = "\0";
 	if(!realm) realm=realm0;
 	if(!collection)
-    return -1;
+		return -1;
-  bson_t query;
+	bson_t query, child;
-  bson_init(&query);
+	bson_init(&query);
-  BSON_APPEND_UTF8(&query, "realm", (const char *)realm);
+	bson_append_document_begin(&query, "$orderby", -1, &child);
 	bson_append_int32(&child, "realm", -1, 1);
 	bson_append_int32(&child, "value", -1, 1);
 	bson_append_document_end(&query, &child);
 	bson_append_document_begin(&query, "$query", -1, &child);
 	if (realm && realm[0]) {
 		BSON_APPEND_UTF8(&child, "realm", (const char *)realm);
 	}
 	bson_append_document_end(&query, &child);
-  bson_t fields;
+	bson_t fields;
-  bson_init(&fields);
+	bson_init(&fields);
-  BSON_APPEND_INT32(&fields, "value", 1);
+	BSON_APPEND_INT32(&fields, "value", 1);
 	BSON_APPEND_INT32(&fields, "realm", 1);
-  mongoc_cursor_t * cursor;
+	mongoc_cursor_t * cursor;
-  cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 0, 0, &query, &fields, NULL);
+	cursor = mongoc_collection_find(collection, MONGOC_QUERY_NONE, 0, 0, 0, &query, &fields, NULL);
-  int ret = -1;
+	int ret = -1;
-  if (!cursor) {
+	if (!cursor) {
 		TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error querying MongoDB collection 'turn_secret'\n");
-  } else {
+	} else {
-    const bson_t * item;
+		const bson_t * item;
-    uint32_t length;
+		uint32_t length;
-    bson_iter_t iter;
+		bson_iter_t iter;
-    const char * value;
+	    bson_iter_t iter_realm;
-    while (mongoc_cursor_next(cursor, &item)) {
+		const char * value;
-    	if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "value") && BSON_ITER_HOLDS_UTF8(&iter)) {
+		while (mongoc_cursor_next(cursor, &item)) {
-        value = bson_iter_utf8(&iter, &length);
+			if (bson_iter_init(&iter, item) && bson_iter_find(&iter, "value") && BSON_ITER_HOLDS_UTF8(&iter)) {
-        if (length) {
+				value = bson_iter_utf8(&iter, &length);
-					printf("%s\n", value);
+				if (length) {
-        }
+					const char *rval = "";
-      }
+					if (bson_iter_init(&iter_realm, item) && bson_iter_find(&iter_realm, "realm") && BSON_ITER_HOLDS_UTF8(&iter_realm)) {
-    }
+						rval = bson_iter_utf8(&iter_realm, &length);
-    mongoc_cursor_destroy(cursor);
+					}
-    ret = 0;
+					if(secrets) {
-  }
+						add_to_secrets_list(secrets,value);
-  mongoc_collection_destroy(collection);
+					    if(realms) {
-  bson_destroy(&query);
+					    	if(rval && *rval) {
-  bson_destroy(&fields);
+					    		add_to_secrets_list(realms,rval);
-  return ret;
+					    	} else {
 					    		add_to_secrets_list(realms,(char*)realm);
 					    	}
 					    }
 					} else {
 						printf("%s[%s]\n", value, rval);
 					}
 				}
 			}
 		}
 		mongoc_cursor_destroy(cursor);
 		ret = 0;
 	}
 	mongoc_collection_destroy(collection);
 	bson_destroy(&query);
 	bson_destroy(&fields);
 	return ret;
 }
 static int mongo_del_secret(u08bits *secret, u08bits *realm) {
@ -1277,7 +1306,7 @@ static const turn_dbdriver_t driver = {
  &mongo_set_user_key,
  &mongo_del_user,
  &mongo_list_users,
-  &mongo_show_secret,
+  &mongo_list_secrets,
  &mongo_del_secret,
  &mongo_set_secret,
  &mongo_add_origin,
--- a/src/apps/relay/dbdrivers/dbd_mysql.c
+++ b/src/apps/relay/dbdrivers/dbd_mysql.c
@ -605,10 +605,19 @@ static int mysql_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
  return ret;
 }
-static int mysql_show_secret(u08bits *realm) {
+static int mysql_list_secrets(u08bits *realm, secrets_list_t *secrets, secrets_list_t *realms)
-  int ret = -1;
+{
 	int ret = -1;
 	u08bits realm0[STUN_MAX_REALM_SIZE+1] = "\0";
 	if(!realm) realm=realm0;
 	char statement[TURN_LONG_STRING_SIZE];
-	snprintf(statement,sizeof(statement)-1,"select value from turn_secret where realm='%s'",realm);
+	if (realm[0]) {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret where realm='%s' order by value", realm);
 	} else {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret order by realm,value");
 	}
 	donot_print_connection_success=1;
@ -621,7 +630,7 @@ static int mysql_show_secret(u08bits *realm) {
 			MYSQL_RES *mres = mysql_store_result(myc);
 			if(!mres) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving MySQL DB information: %s\n",mysql_error(myc));
-			} else if(mysql_field_count(myc)!=1) {
+			} else if(mysql_field_count(myc)!=2) {
 				TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unknown error retrieving MySQL DB information: %s\n",statement);
 			} else {
 				for(;;) {
@ -629,19 +638,32 @@ static int mysql_show_secret(u08bits *realm) {
 					if(!row) {
 						break;
 					} else {
-						if(row[0]) {
+						const char* kval = row[0];
-							printf("%s\n",row[0]);
+						if(kval) {
 							const char* rval = row[1];
 							if(secrets) {
 								add_to_secrets_list(secrets,kval);
 								if(realms) {
 									if(rval && *rval) {
 										add_to_secrets_list(realms,rval);
 									} else {
 										add_to_secrets_list(realms,(char*)realm);
 									}
 								}
 							} else {
 								printf("%s[%s]\n",kval,rval);
 							}
 						}
 					}
 				}
-        ret = 0;
+				ret = 0;
 			}
 			if(mres)
 				mysql_free_result(mres);
 		}
 	}
-  return ret;
+	return ret;
 }
 static int mysql_del_secret(u08bits *secret, u08bits *realm) {
@ -1145,7 +1167,7 @@ static const turn_dbdriver_t driver = {
  &mysql_set_user_key,
  &mysql_del_user,
  &mysql_list_users,
-  &mysql_show_secret,
+  &mysql_list_secrets,
  &mysql_del_secret,
  &mysql_set_secret,
  &mysql_add_origin,
--- a/src/apps/relay/dbdrivers/dbd_pgsql.c
+++ b/src/apps/relay/dbdrivers/dbd_pgsql.c
@ -376,10 +376,19 @@ static int pgsql_list_users(u08bits *realm, secrets_list_t *users, secrets_list_
  return ret;
 }
-static int pgsql_show_secret(u08bits *realm) {
+static int pgsql_list_secrets(u08bits *realm, secrets_list_t *secrets, secrets_list_t *realms)
-  int ret = -1;
+{
 	int ret = -1;
 	u08bits realm0[STUN_MAX_REALM_SIZE+1] = "\0";
 	if(!realm) realm=realm0;
 	char statement[TURN_LONG_STRING_SIZE];
-	snprintf(statement,sizeof(statement)-1,"select value from turn_secret where realm='%s'",realm);
+	if (realm[0]) {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret where realm='%s' order by value", realm);
 	} else {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret order by realm,value");
 	}
 	donot_print_connection_success=1;
@ -393,16 +402,28 @@ static int pgsql_show_secret(u08bits *realm) {
 			for(i=0;i<PQntuples(res);i++) {
 				char *kval = PQgetvalue(res,i,0);
 				if(kval) {
-					printf("%s\n",kval);
+					char* rval = PQgetvalue(res,i,1);
 					if(secrets) {
 						add_to_secrets_list(secrets,kval);
 						if(realms) {
 							if(rval && *rval) {
 								add_to_secrets_list(realms,rval);
 							} else {
 								add_to_secrets_list(realms,(char*)realm);
 							}
 						}
 					} else {
 						printf("%s[%s]\n",kval,rval);
 					}
 				}
 			}
-      ret = 0;
+			ret = 0;
 		}
 		if(res) {
 			PQclear(res);
 		}
 	}
-  return ret;
+	return ret;
 }
 static int pgsql_del_secret(u08bits *secret, u08bits *realm) {
@ -862,7 +883,7 @@ static const turn_dbdriver_t driver = {
  &pgsql_set_user_key,
  &pgsql_del_user,
  &pgsql_list_users,
-  &pgsql_show_secret,
+  &pgsql_list_secrets,
  &pgsql_del_secret,
  &pgsql_set_secret,
  &pgsql_add_origin,
--- a/src/apps/relay/dbdrivers/dbd_redis.c
+++ b/src/apps/relay/dbdrivers/dbd_redis.c
@ -686,9 +686,13 @@ static int redis_list_oauth_keys(void) {
 }
-static int redis_show_secret(u08bits *realm)
+static int redis_list_secrets(u08bits *realm, secrets_list_t *secrets, secrets_list_t *realms)
 {
 	int ret = -1;
 	u08bits realm0[STUN_MAX_REALM_SIZE+1] = "\0";
 	if(!realm) realm=realm0;
 	donot_print_connection_success = 1;
 	redisContext *rc = get_redis_connection();
 	if (rc) {
@ -717,6 +721,8 @@ static int redis_show_secret(u08bits *realm)
 				}
 			}
 			size_t rhsz=strlen("turn/realm/");
 			for (isz = 0; isz < keys.sz; ++isz) {
 				snprintf(s, sizeof(s), "smembers %s", keys.secrets[isz]);
 				redisReply *rget = (redisReply *) redisCommand(rc, s);
@ -729,9 +735,32 @@ static int redis_show_secret(u08bits *realm)
 						if (rget->type != REDIS_REPLY_NIL)
 							TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Unexpected type: %d\n", rget->type);
 					} else {
 						char *s = keys.secrets[isz];
 						char *sh = strstr(s,"turn/realm/");
 						if(sh != s) continue;
 						sh += rhsz;
 						char* st = strchr(sh,'/');
 						if(!st) continue;
 						*st=0;
 						const char *rval = sh;
 						size_t i;
 						for (i = 0; i < rget->elements; ++i) {
-							printf("%s\n", rget->element[i]->str);
+							const char *kval = rget->element[i]->str;
 							if(secrets) {
 								add_to_secrets_list(secrets,kval);
 								if(realms) {
 									if(rval && *rval) {
 								   		add_to_secrets_list(realms,rval);
 									} else {
 										add_to_secrets_list(realms,(char*)realm);
 									}
 								}
 							} else {
 								printf("%s[%s]\n", kval, rval);
 							}
 						}
 					}
 				}
@ -1262,7 +1291,7 @@ static const turn_dbdriver_t driver = {
  &redis_set_user_key,
  &redis_del_user,
  &redis_list_users,
-  &redis_show_secret,
+  &redis_list_secrets,
  &redis_del_secret,
  &redis_set_secret,
  &redis_add_origin,
--- a/src/apps/relay/dbdrivers/dbd_sqlite.c
+++ b/src/apps/relay/dbdrivers/dbd_sqlite.c
@ -581,13 +581,22 @@ static int sqlite_list_users(u08bits *realm, secrets_list_t *users, secrets_list
 	return ret;
 }
-static int sqlite_show_secret(u08bits *realm)
+static int sqlite_list_secrets(u08bits *realm, secrets_list_t *secrets, secrets_list_t *realms)
 {
 	int ret = -1;
 	char statement[TURN_LONG_STRING_SIZE];
 	u08bits realm0[STUN_MAX_REALM_SIZE+1] = "\0";
 	if(!realm) realm=realm0;
 	sqlite3_stmt *st = NULL;
 	int rc = 0;
-	snprintf(statement,sizeof(statement)-1,"select value from turn_secret where realm='%s'",realm);
+
 	if (realm[0]) {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret where realm='%s' order by value", realm);
 	} else {
 		snprintf(statement, sizeof(statement), "select value,realm from turn_secret order by realm,value");
 	}
 	donot_print_connection_success=1;
@ -597,17 +606,37 @@ static int sqlite_show_secret(u08bits *realm)
 		sqlite_lock(0);
 		if ((rc = sqlite3_prepare(sqliteconnection, statement, -1, &st, 0)) == SQLITE_OK) {
-			int res = sqlite3_step(st);
+
-			if (res == SQLITE_ROW) {
+			int res = 0;
-				ret = 0;
+			while(1) {
-				const char* kval = (const char*) sqlite3_column_text(st, 0);
+				res = sqlite3_step(st);
-				if(kval) {
+				if (res == SQLITE_ROW) {
-					printf("%s\n",kval);
+					ret = 0;
 					const char* kval = (const char*) sqlite3_column_text(st, 0);
 					if(kval) {
 						const char* rval = (const char*) sqlite3_column_text(st, 1);
 						if(secrets) {
 							add_to_secrets_list(secrets,kval);
 							if(realms) {
 								if(rval && *rval) {
 									add_to_secrets_list(realms,rval);
 								} else {
 									add_to_secrets_list(realms,(char*)realm);
 								}
 							}
 						} else {
 							printf("%s[%s]\n",kval,rval);
 						}
 					}
 				} else if (res == SQLITE_DONE) {
 					break;
 				} else {
 					const char* errmsg = sqlite3_errmsg(sqliteconnection);
 					TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
 					ret = -1;
 					break;
 				}
 			}
 		} else {
 			const char* errmsg = sqlite3_errmsg(sqliteconnection);
 			TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Error retrieving SQLite DB information: %s\n", errmsg);
 		}
 		sqlite3_finalize(st);
@ -1200,7 +1229,7 @@ static const turn_dbdriver_t driver = {
  &sqlite_set_user_key,
  &sqlite_del_user,
  &sqlite_list_users,
-  &sqlite_show_secret,
+  &sqlite_list_secrets,
  &sqlite_del_secret,
  &sqlite_set_secret,
  &sqlite_add_origin,
--- a/src/apps/relay/dbdrivers/dbdriver.h
+++ b/src/apps/relay/dbdrivers/dbdriver.h
@ -53,7 +53,7 @@ typedef struct _turn_dbdriver_t {
  int (*set_user_key)(u08bits *usname, u08bits *realm, const char *key);
  int (*del_user)(u08bits *usname, u08bits *realm);
  int (*list_users)(u08bits *realm, secrets_list_t *users, secrets_list_t *realms);
-  int (*show_secret)(u08bits *realm);
+  int (*list_secrets)(u08bits *realm, secrets_list_t *users, secrets_list_t *realms);
  int (*del_secret)(u08bits *secret, u08bits *realm);
  int (*set_secret)(u08bits *secret, u08bits *realm);
  int (*add_origin)(u08bits *origin, u08bits *realm);
--- a/src/apps/relay/http_server.c
+++ b/src/apps/relay/http_server.c
@ -61,7 +61,7 @@ static void write_http_echo(ioa_socket_handle s)
 			char data_http[1025];
 			char content_http[1025];
 			const char* title = "TURN Server";
-			snprintf(content_http,sizeof(content_http)-1,"<!DOCTYPE html>\r\n<html>\r\n  <head>\r\n    <title>%s</title>\r\n  </head>\r\n  <body>\r\n    %s\r\n  </body>\r\n</html>\r\n",title,title);
+			snprintf(content_http,sizeof(content_http)-1,"<!DOCTYPE html>\r\n<html>\r\n  <head>\r\n    <title>%s</title>\r\n  </head>\r\n  <body>\r\n    <b>%s</b> <br> <b><i>use https connection for the admin session</i></b>\r\n  </body>\r\n</html>\r\n",title,title);
 			snprintf(data_http,sizeof(data_http)-1,"HTTP/1.1 200 OK\r\nServer: %s\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: %d\r\n\r\n%s",TURN_SOFTWARE,(int)strlen(content_http),content_http);
 			len_http = strlen(data_http);
 			ns_bcopy(data_http,data,len_http);
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
@ -1361,6 +1361,7 @@ enum _AS_FORM {
 	AS_FORM_UPDATE,
 	AS_FORM_PS,
 	AS_FORM_USERS,
 	AS_FORM_SS,
 	AS_FORM_UNKNOWN
 };
@ -1371,13 +1372,15 @@ typedef enum _AS_FORM AS_FORM;
 #define HR_PASSWORD1 "pwd1"
 #define HR_REALM "realm"
 #define HR_ADD_USER "add_user"
-#define HR_ADD_USER_REALM "add_user_realm"
+#define HR_ADD_REALM "add_user_realm"
 #define HR_ADD_SECRET "add_secret"
 #define HR_CLIENT_PROTOCOL "cprotocol"
 #define HR_USER_PATTERN "puser"
 #define HR_MAX_SESSIONS "maxsess"
 #define HR_CANCEL_SESSION "cs"
 #define HR_DELETE_USER "du"
 #define HR_DELETE_REALM "dr"
 #define HR_DELETE_SECRET "ds"
 struct form_name {
 	AS_FORM form;
@ -1393,6 +1396,7 @@ static struct form_name form_names[] = {
 				{AS_FORM_UPDATE,"/update"},
 				{AS_FORM_PS,"/ps"},
 				{AS_FORM_USERS,"/us"},
 				{AS_FORM_SS,"/ss"},
 				{AS_FORM_UNKNOWN,NULL}
 };
@ -1531,6 +1535,10 @@ static void write_https_home_page(ioa_socket_handle s)
 			str_buffer_append(sb,form_names[AS_FORM_USERS].name);
 			str_buffer_append(sb,"\">");
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Shared Secrets (for TURN REST API)\" formaction=\"");
 			str_buffer_append(sb,form_names[AS_FORM_SS].name);
 			str_buffer_append(sb,"\">");
 			str_buffer_append(sb,"</fieldset>\r\n");
 			str_buffer_append(sb,"</form>\r\n");
@ -2325,7 +2333,7 @@ static void write_users_page(ioa_socket_handle s, const u08bits *add_user, const
 			}
 			str_buffer_append(sb,"  <br>Realm name: <input type=\"text\" name=\"");
-			str_buffer_append(sb,HR_ADD_USER_REALM);
+			str_buffer_append(sb,HR_ADD_REALM);
 			str_buffer_append(sb,"\" value=\"");
 			str_buffer_append(sb,(const char*)add_realm);
 			str_buffer_append(sb,"\"");
@ -2393,6 +2401,157 @@ static void write_users_page(ioa_socket_handle s, const u08bits *add_user, const
 	}
 }
 static size_t https_print_secrets(struct str_buffer* sb)
 {
 	size_t ret = 0;
 	const turn_dbdriver_t * dbd = get_dbdriver();
 	if (dbd && dbd->list_secrets) {
 		secrets_list_t secrets,realms;
 		init_secrets_list(&secrets);
 		init_secrets_list(&realms);
 		dbd->list_secrets((u08bits*)current_socket->as_eff_realm,&secrets,&realms);
 		size_t sz = get_secrets_list_size(&secrets);
 		size_t i;
 		for(i=0;i<sz;++i) {
 			str_buffer_append(sb,"<tr><td>");
 			str_buffer_append_sz(sb,i);
 			str_buffer_append(sb,"</td>");
 			str_buffer_append(sb,"<td>");
 			str_buffer_append(sb,get_secrets_list_elem(&secrets,i));
 			str_buffer_append(sb,"</td>");
 			if(!current_socket->as_eff_realm[0]) {
 				str_buffer_append(sb,"<td>");
 				str_buffer_append(sb,get_secrets_list_elem(&realms,i));
 				str_buffer_append(sb,"</td>");
 			}
 			str_buffer_append(sb,"<td> <a href=\"");
 			str_buffer_append(sb,form_names[AS_FORM_SS].name);
 			str_buffer_append(sb,"?");
 			str_buffer_append(sb,HR_DELETE_SECRET);
 			str_buffer_append(sb,"=");
 			str_buffer_append(sb,get_secrets_list_elem(&secrets,i));
 			str_buffer_append(sb,"&");
 			str_buffer_append(sb,HR_DELETE_REALM);
 			str_buffer_append(sb,"=");
 			str_buffer_append(sb,get_secrets_list_elem(&realms,i));
 			str_buffer_append(sb,"\">delete</a>");
 			str_buffer_append(sb,"</td>");
 			str_buffer_append(sb,"</tr>");
 			++ret;
 		}
 		clean_secrets_list(&secrets);
 		clean_secrets_list(&realms);
 	}
 	return ret;
 }
 static void write_shared_secrets_page(ioa_socket_handle s, const char* add_secret, const char* add_realm, const char* msg)
 {
 	if(s && !ioa_socket_tobeclosed(s)) {
 		if(!(s->as_ok)) {
 			write_https_logon_page(s);
 		} else {
 			struct str_buffer* sb = str_buffer_new();
 			str_buffer_append(sb,"<!DOCTYPE html>\r\n<html>\r\n  <head>\r\n    <title>");
 			str_buffer_append(sb,admin_title);
 			str_buffer_append(sb,"</title>\r\n <style> table, th, td { border: 1px solid black; } table#msg th { color: red; background-color: white; } </style> </head>\r\n  <body>\r\n    ");
 			str_buffer_append(sb,bold_admin_title);
 			str_buffer_append(sb,"<br>\r\n");
 			str_buffer_append(sb,home_link);
 			str_buffer_append(sb,"<br>\r\n");
 			str_buffer_append(sb,"<form action=\"");
 			str_buffer_append(sb,form_names[AS_FORM_SS].name);
 			str_buffer_append(sb,"\" method=\"POST\">\r\n");
 			str_buffer_append(sb,"  <fieldset><legend>Filter:</legend>\r\n");
 			str_buffer_append(sb,"  <br>Realm name: <input type=\"text\" name=\"");
 			str_buffer_append(sb,HR_REALM);
 			str_buffer_append(sb,"\" value=\"");
 			str_buffer_append(sb,get_eff_realm());
 			str_buffer_append(sb,"\"");
 			if(!is_superuser()) {
 				str_buffer_append(sb," disabled ");
 			}
 			str_buffer_append(sb,">");
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Filter\">");
 			str_buffer_append(sb,"</fieldset>\r\n");
 			str_buffer_append(sb,"</form>\r\n");
 			str_buffer_append(sb,"<form action=\"");
 			str_buffer_append(sb,form_names[AS_FORM_SS].name);
 			str_buffer_append(sb,"\" method=\"POST\">\r\n");
 			str_buffer_append(sb,"  <fieldset><legend>Secret:</legend>\r\n");
 			if(msg && msg[0]) {
 				str_buffer_append(sb,"<br><table id=\"msg\"><th>");
 				str_buffer_append(sb,msg);
 				str_buffer_append(sb,"</th></table><br>");
 			}
 			str_buffer_append(sb,"  <br>Realm name: <input type=\"text\" name=\"");
 			str_buffer_append(sb,HR_ADD_REALM);
 			str_buffer_append(sb,"\" value=\"");
 			str_buffer_append(sb,(const char*)add_realm);
 			str_buffer_append(sb,"\"");
 			if(!is_superuser()) {
 				str_buffer_append(sb," disabled ");
 			}
 			str_buffer_append(sb,"><br>\r\n");
 			str_buffer_append(sb,"  <br>Secret: <input type=\"text\" name=\"");
 			str_buffer_append(sb,HR_ADD_SECRET);
 			str_buffer_append(sb,"\" value=\"");
 			str_buffer_append(sb,(const char*)add_secret);
 			str_buffer_append(sb,"\"");
 			str_buffer_append(sb,"><br>\r\n");
 			str_buffer_append(sb,"<br><input type=\"submit\" value=\"Add secret\">");
 			str_buffer_append(sb,"</fieldset>\r\n");
 			str_buffer_append(sb,"</form>\r\n");
 			str_buffer_append(sb,"Secrets:<br>\r\n");
 			str_buffer_append(sb,"<table>\r\n");
 			str_buffer_append(sb,"<tr><th>N</th><th>Value</th>");
 			if(!current_socket->as_eff_realm[0]) {
 				str_buffer_append(sb,"<th>Realm</th>");
 			}
 			str_buffer_append(sb,"<th> </th>");
 			str_buffer_append(sb,"</tr>\r\n");
 			size_t total_sz = https_print_secrets(sb);
 			str_buffer_append(sb,"\r\n</table>\r\n");
 			str_buffer_append(sb,"<br>Total secrets = ");
 			str_buffer_append_sz(sb,total_sz);
 			str_buffer_append(sb,"<br>\r\n");
 			str_buffer_append(sb,"</body>\r\n</html>\r\n");
 			send_str_from_ioa_socket_tcp(s,"HTTP/1.1 200 OK\r\nServer: ");
 			send_str_from_ioa_socket_tcp(s,TURN_SOFTWARE);
 			send_str_from_ioa_socket_tcp(s,"\r\nContent-Type: text/html; charset=UTF-8\r\nContent-Length: ");
 			send_ulong_from_ioa_socket_tcp(s,str_buffer_get_str_len(sb));
 			send_str_from_ioa_socket_tcp(s,"\r\n\r\n");
 			send_str_from_ioa_socket_tcp(s,str_buffer_get_str(sb));
 			str_buffer_free(sb);
 		}
 	}
 }
 static void handle_toggle_request(ioa_socket_handle s, struct http_request* hr)
 {
 	if(s && hr) {
@ -2563,7 +2722,7 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 						add_user = (const u08bits*)"";
 					}
 					if(add_user[0]) {
-						add_realm = (const u08bits*)get_http_header_value(hr, HR_ADD_USER_REALM);
+						add_realm = (const u08bits*)get_http_header_value(hr, HR_ADD_REALM);
 						if(!add_realm) {
 							add_realm=(const u08bits*)"";
 						}
@ -2626,6 +2785,82 @@ static void handle_https(ioa_socket_handle s, ioa_network_buffer_handle nbh)
 				}
 				break;
 			}
 			case AS_FORM_SS: {
 				if(s->as_ok) {
 					{
 						const char *realm0 = get_http_header_value(hr, HR_REALM);
 						if(!realm0)
 							realm0="";
 						if(!is_superuser())
 							realm0 = current_socket->as_realm;
 						STRCPY(current_socket->as_eff_realm,realm0);
 					}
 					{
 						const u08bits *secret = (const u08bits*)get_http_header_value(hr, HR_DELETE_SECRET);
 						if(secret && secret[0]) {
 							const u08bits *realm = (const u08bits*)get_http_header_value(hr, HR_DELETE_REALM);
 							if(!is_superuser()) {
 								realm = (const u08bits*)current_socket->as_realm;
 							}
 							if(realm && realm[0]) {
 								const turn_dbdriver_t * dbd = get_dbdriver();
 								if (dbd && dbd->del_secret) {
 									u08bits ss[AUTH_SECRET_SIZE+1];
 									u08bits r[STUN_MAX_REALM_SIZE+1];
 									STRCPY(ss,secret);
 									STRCPY(r,realm);
 									dbd->del_secret(ss,r);
 								}
 							}
 						}
 					}
 					const u08bits *add_realm = (const u08bits*)current_socket->as_eff_realm;
 					const u08bits *add_secret = (const u08bits*)get_http_header_value(hr, HR_ADD_SECRET);
 					const char* msg = "";
 					if(!add_secret) add_secret = (const u08bits*)"";
 					if(wrong_html_name((const char*)add_secret)) {
 						msg = "Error: wrong secret value";
 						add_secret = (const u08bits*)"";
 					}
 					if(add_secret[0]) {
 						add_realm = (const u08bits*)get_http_header_value(hr, HR_ADD_REALM);
 						if(!add_realm) {
 							add_realm=(const u08bits*)"";
 						}
 						if(!is_superuser()) {
 							add_realm = (const u08bits*)current_socket->as_realm;
 						}
 						if(!add_realm[0]) {
 							add_realm=(const u08bits*)current_socket->as_eff_realm;
 						}
 						if(wrong_html_name((const char*)add_realm)) {
 							msg = "Error: wrong realm name";
 							add_realm = (const u08bits*)"";
 						}
 						if(add_realm[0]) {
 							const turn_dbdriver_t * dbd = get_dbdriver();
 							if (dbd && dbd->set_secret) {
 								u08bits ss[AUTH_SECRET_SIZE+1];
 								u08bits r[STUN_MAX_REALM_SIZE+1];
 								STRCPY(ss,add_secret);
 								STRCPY(r,add_realm);
 								(*dbd->set_secret)(ss, r);
 							}
 							add_secret=(const u08bits*)"";
 							add_realm=(const u08bits*)"";
 						}
 					}
 					write_shared_secrets_page(s,(const char*)add_secret,(const char*)add_realm,msg);
 				} else {
 					write_https_logon_page(s);
 				}
 				break;
 			}
 			case AS_FORM_TOGGLE:
 				if(s->as_ok) {
 					handle_toggle_request(s,hr);
--- a/src/apps/relay/userdb.c
+++ b/src/apps/relay/userdb.c
@ -785,11 +785,9 @@ static int list_users(u08bits *realm, int is_admin)
 static int show_secret(u08bits *realm)
 {
 	must_set_admin_realm(realm);
  const turn_dbdriver_t * dbd = get_dbdriver();
-  if (dbd && dbd->show_secret) {
+  if (dbd && dbd->list_secrets) {
-    (*dbd->show_secret)(realm);
+    (*dbd->list_secrets)(realm,NULL,NULL);
  }
  return 0;
--- a/turndb/testmongosetup.sh
+++ b/turndb/testmongosetup.sh
@ -5,7 +5,7 @@ mongo $* <<EOF
 use coturn;
 db.turnusers_lt.ensureIndex({ realm: 1, name: 1 }, { unique: 1 });
-db.turn_secret.ensureIndex({ realm: 1 }, { unique: 1 });
+db.turn_secret.ensureIndex({ realm: 1, value:1 }, { unique: 1 });
 db.realm.ensureIndex({ realm: 1 }, { unique: 1 });
 db.oauth_key.ensureIndex({ kid: 1 }, {unique: 1 });
@ -15,7 +15,9 @@ db.turnusers_lt.insert({ realm: 'crinna.org', name: 'whirrun', hmackey: '6972e85
 db.turnusers_lt.insert({ realm: 'crinna.org', name: 'stranger-come-knocking', hmackey: 'd43cb678560259a1839bff61c19de15e' });
 db.turn_secret.insert({ realm: 'north.gov', value: 'logen' });
 db.turn_secret.insert({ realm: 'north.gov', value: 'bloody9' });
 db.turn_secret.insert({ realm: 'crinna.org', value: 'north' });
 db.turn_secret.insert({ realm: 'crinna.org', value: 'library' });
 db.admin_user.insert({ name: 'skarling', realm: 'north.gov', password: 'hoodless' });
 db.admin_user.insert({ name: 'bayaz', realm: '', password: 'magi' });
--- a/turndb/testsqldbsetup.sql
+++ b/turndb/testsqldbsetup.sql
@ -5,7 +5,9 @@ insert into turnusers_lt (realm, name, hmackey) values('crinna.org','whirrun','6
 insert into turnusers_lt (realm, name, hmackey) values('crinna.org','stranger-come-knocking','d43cb678560259a1839bff61c19de15e');
 insert into turn_secret (realm,value) values('north.gov','logen');
 insert into turn_secret (realm,value) values('north.gov','bloody9');
 insert into turn_secret (realm,value) values('crinna.org','north');
 insert into turn_secret (realm,value) values('crinna.org','library');
 insert into admin_user (name, realm, password) values('skarling','north.gov','hoodless');
 insert into admin_user (name, realm, password) values('bayaz','','magi');